Composer Repository

Composer is a dependency management tool for PHP.

For more information on Composer, please see:

Composer: The official website for Composer
Composer Documentation: The official docs for Composer

Contextual Documentation

The examples in this document are generic. Cloudsmith provides contextual setup instructions within each repository, complete with copy n' paste snippets (with your namespace/repo pre-configured).

In the following examples:

Identifier	Description
OWNER	Your Cloudsmith account name or organization name (namespace)
REPOSITORY	Your Cloudsmith Repository name (also called "slug")
TOKEN	Your Cloudsmith Entitlement Token (see Entitlements for more details)
USERNAME	Your Cloudsmith username
PASSWORD	Your Cloudsmith password
API-KEY	Your Cloudsmith API Key
PACKAGE_NAME	The name of your package
PACKAGE_VERSION	The version number of your package

Upload a Package

Upload via the Cloudsmith CLI

For full details of how to install and setup the Cloudsmith CLI, see Command Line Interface.

The command to upload a Composer package via the Cloudsmith CLI is:

cloudsmith push composer OWNER/REPOSITORY PACKAGE_NAME.phar

Example:

cloudsmith push composer org/repo your-package.phar

Upload via Cloudsmith Website

Please see Upload a Package for details of how to upload via the Website UI.

Download / Install a Package

Setup

To enable the retrieval of Cloudsmith hosted packages via Composer, the first step is to add your repository to the repositories section of your composer.json file. How you add your repository to your composer.json file differs if the repository is private or public.

Public Repositories

Add the following JSON snippet to your composer.json file:

"repositories": [
  {
    "type": "composer",
    "url": "https://dl.cloudsmith.io/public/OWNER/REPOSITORY/composer/",
    "options": {
    }
  }
]

Private Repositories

📘
Private Cloudsmith repositories require authentication. You can choose between two types of authentication, Entitlement Token Authentication or HTTP Basic Authentication.
The setup method will differ depending on what authentication type you choose to use.

🚧
Entitlement Tokens, User Credentials and API-Keys should be treated as secrets and you should ensure that you do not commit them in configurations files along with source code, or expose them in any logs

Add one of the following JSON snippets to your project composer.json file:

"repositories": [
  {
    "type": "composer",
    "url": "https://dl.cloudsmith.io/TOKEN/OWNER/REPOSITORY/composer/",
    "options": {
    }
  }
]

"repositories": [
  {
    "type": "composer",
    "url": "https://dl.cloudsmith.io/basic/OWNER/REPOSITORY/composer/",
    "options": {
    }
  }
]

🚧
NOTE
When using HTTP Basic Authentication you'll probably want to keep your credentials separately in your auth.json file instead of within the composer.json file. When you have your credentials ready, add one of the following JSON snippets to your auth.json file:

{
  "http-basic": {
    "dl.cloudsmith.io": {
      "username": "USERNAME",
      "password": "PASSWORD"
    }
  }
}

{
  "http-basic": {
    "dl.cloudsmith.io": {
      "username": "USERNAME",
      "password": "API-KEY"
    }
  }
}

{
  "http-basic": {
    "dl.cloudsmith.io": {
      "username": "token",
      "password": "TOKEN"
    }
  }
}

Specifying Dependencies

After the repository is added to your composer.json file, you then specify the dependency in the require section of your composer.json file or using the composer require command:

via composer.json file

Add the following JSON snippet to your project composer.json file:

{
  "require": {
    "PACKAGE_NAME": "PACKAGE_VERSION"
  }
}

via composer require

Use the following command:

composer require PACKAGE_NAME:PACKAGE_VERSION

Installing a Package

To install the dependencies listed in your composer.json file use the command:

composer install

Composer will then resolve all dependencies listed in your composer.json file and download them into the vendor directory in your project.

Configuration Example

The following is an example of a complete (but minimal) composer.json file with a public cloudsmith repository and a single dependency:

{
  "repositories": [
    {
      "type": "composer",
      "url": "https://dl.cloudsmith.io/public/org/repo/composer/",
      "options": {}
    }
  ],
  "require": {
    "cloudsmith/cloudsmith-composer-example": "1.0.157954077030330"
  }
}

Security Scanning

Supported Please see our

Security Scanning documentation for further information.

Upstream Proxying / Caching

Not Supported

Key Signing Support

GPG

Troubleshooting

Please see the Troubleshooting page for further help and information.

Upload a Package

Upload via the Cloudsmith CLI

Upload via Cloudsmith Website

Download / Install a Package

Setup

Public Repositories

Private Repositories

NOTE

Specifying Dependencies

via composer.json file

via composer require

Installing a Package

Configuration Example

Security Scanning

Upstream Proxying / Caching

Key Signing Support

Troubleshooting

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution